Thanks, Anne. This pretty much describes exactly what we were hoping to do
with Suborigins. I'll write this up into the spec in a bit. Looks like it
should be as simple as adding Suborigins to the list of cookie-averse
Document object types:
https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object
--Joel
On Thu, May 19, 2016 at 8:19 AM Devdatta Akhawe <dev.akhawe@gmail.com>
wrote:
> Yup that seems like what we want. Thanks!
> On May 19, 2016 8:04 AM, "Artur Janc" <aaj@google.com> wrote:
>
>> On Thu, May 19, 2016 at 4:52 PM, Anne van Kesteren <annevk@annevk.nl>
>> wrote:
>>
>>> On Thu, May 19, 2016 at 4:48 PM, Devdatta Akhawe <dev.akhawe@gmail.com>
>>> wrote:
>>> > I don't think I have heard of "cookie averse document object". Can you
>>> > clarify a bit more?
>>>
>>> Well, it's part of how document.cookie is defined. If you're planning
>>> on changing the document.cookie API, I recommend reading up on that:
>>> https://html.spec.whatwg.org/multipage/dom.html#dom-document-cookie.
>>
>>
>> FWIW this seems reasonable to me for the suborigin case as it matches the
>> goals of the "safe cookie mode" quite well.
>>
>